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5 FAH-11 H-811 PURPOSE 

(CT:IAH-2; 03-07-2007) 

a. Federal requirements relating to network connectivity in the U.S. 
Government require a formalized process incorporating security measures 
to protect the connected systems and shared data. 

b. The requirements for interagency connectivity, including system 
interconnection and information sharing, are derived from Office of 
Management and Budget (OMB) Circular A-130, Appendix III, as well as 
National Institute Standards and Technology (NIST) Special Publication 
(SP) 800-47 and Committee for National Security Systems (CNSS) 
policies and instructions. Network extensions must be in accordance with 
requirements in 12 FAM 600 and 5 FAM 550. 

c. Chapter 5 FAH-11 H-800 provides procedures for planning, establishing, 
maintaining, and terminating interconnections between Department and 
non-Department information technology (IT) systems, including 
extensions of the Department's OpenNet and ClassNet networks. 

5 FAH-11 H-812 OBJECTIVES 

(CT:IAH-2; 03-07-2007) 

a. Agencies may interconnect their systems for a variety of reasons 

depending on their agency's needs or the requirements of Executive or 
Congressional mandates. For example, agencies may: 

(1) Exchange data and information among selected users; 

(2) Provide customized levels of access to proprietary databases; 
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(3) Collaborate on joint projects; 

(4) Provide full-time communications (i.e., 24 hours per day, 7 days 
per week); 

(5) Provide on-line training; and 

(6) Provide secure storage of critical data and backup files. 

b. Agencies may realize significant benefits through a system connection, 
including reduced operating costs, greater functionality, improved 
efficiency, centralized data access, and strengthened communication and 
operational ties. The business case included in the connection application 
must document anticipated benefits for the Department. 

5 FAH-11 H-813 TYPES OF CONNECTIONS 

(CT:IAH-2; 03-07-2007) 

Agencies may connect their systems using two primary types of connections: 

(1) Dedicated lines: One agency can own these lines or a third party 
can lease these lines. This type of line provides a high level of 
security because the line may be breached only through a direct 
physical intrusion; or 

(2) Virtual private network (VPN): A data network that enables two 
or more parties to communicate securely across a public network 
using a private connection or tunnel between them. Since 
unauthorized parties can intercept data transmitted over a public 
network, the use of authentication and encryption is necessary to 
ensure data integrity and confidentiality. 

5 FAH-11 H-814 CONNECTION LEVELS 

(CT:IAH-2; 03-07-2007) 

The extent to which an agency may access data and information resources is 
dependent on its mission and security needs. Therefore, agencies may elect 
from a range of system access levels as follows: 

(1) Limited access: Users are restricted to a single application (e.g., 
e-mail) or file location with rules governing access; 

(2) Medium access: A broader interconnection that enables users to 
access multiple applications, databases, or a network (e.g., 
OpenNet); or 

(3) Full access: The broadest interconnection that permits users full 
transparency, access, and data exchanges across their respective 
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enterprises. 

5 FAH-11 H-815 EXTENSIONS 

(CT:IAH-2; 03-07-2007) 

a. A network extension is an expansion of a network's boundaries to include 
a deployment of Department-approved hardware to a non-Department 
entity location and not involving an interconnection to another system or 
extranet. 

b. The network hardware comprising an extension, while logically within the 
network's boundaries, is physically located outside the Department's 
immediate sphere of control. Therefore, the Department must provide 
and implement special guidance beyond that boundary, normally 
associated with the network, in order to ensure the integrity of the 
network. 

5 FAH-11 H-816 THROUGH H-819 
UNASSIGNED 
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